Victor Duchovni wrote:
> On Fri, Feb 24, 2006 at 01:44:14PM +0000, Ben Laurie wrote:
>> Ed Gerck wrote:
>>> Paul,
>>> Usability should by now be recognized as the key issue for security -
>>> namely, if users can't use it, it doesn't actually work.
>>> And what I heard in the story is that even savvy users such as Phil Z
>>> (who'd have no problem with key management) don't use it often.
>>> BTW, just to show that usability is king, could you please send me an
>>> encrypted email -- I even let you choose any secure method that you want.
>> Sure I can, but if you want it to be encrypted to you, then you need to
>> publish a key.
> More strongly, if we've never met, and you are not in the habit of
> routinely signing email, thereby tying a key to your e-persona, it
> makes no sense to speak of *secure* communication to *you*. Which "you"
> would that be, the one who sent me all those exciting zip files of W32
> executables, or the one I think is posting to this list?
> The only identity you (who hypothetically do not garnish each message
> with a signature) have is your mailbox. I can bootstrap that (with
> questionable initial security) to a key via a "private" unencrypted
> email message, and over a time as the key is consistently used grow to
> associate the key with an on-line persona.

Don't forget that the ability to decrypt is just as good as a signature
to prove association of the key.




"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to